Systems and Means of Informatics
2016, Volume 26, Issue 3, pp 74-82
ARCHITECTURAL VULNERABILITIES OF DISTRIBUTED INFORMATION SYSTEMS
- A. A. Grusho
- N. A. Grusho
- E. E. Timonina
- S. Ya. Shorgin
Abstract
The paper is devoted to the analysis of architectural vulnerabilities of the distributed information systems. Such vulnerability, which cannot be closed by the existing set of mechanisms of information security or for which ways of its closing are unknown, is called an architectural vulnerability in the distributed information systems. The examples of architectural vulnerabilities show that usually, these vulnerabilities are connected with the inadmissible or missed from attention interactions in distributed information systems. For closing or partial closing of architectural vulnerabilities, a special architecture which does not allow directly forbidden interactions was created. For this purpose, it is possible to use methods of restriction of influences of some components of distributed information systems on other components.
[+] References (14)
- Department of Defense Trusted Computer System Evaluation Criteria. 1985. DoD. Available at: http://csrc.nist.gov/publications/history/dod85.pdf (accessed September 19, 2016).
- Rieck, K., P. Stewin, and J.-P. Seifert, eds. 2013. Detection of intrusions and malware, and vulnerability assessment. Lecture notes in computer science ser. Springer. Vol. 7967. 219p. Availableat: http://link.springer.com/book/10.1007%2F978-3-642- 39235-1 (accessed September 19, 2016).
- Skorobogatov, S., and C. Woods. 2012. Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic hardware and embedded systems. Eds. E. Prouff and P. Schaumont. Lecture notes in computer science ser. Heidelberg: Springer. Vol. 7428. 23-40. Available at: http://www.cl.cam.ac.uk/~sps32/ Silicon_scan_draft.pdf (accessed September 19, 2016).
- Grusho, A., N. Grusho, E. Timonina, and S. Shorgin. 2014. Bezopasnye arkhitek- tury raspredelennykh sistem [Secure architecture of the distributed systems]. Sistemy i Sredstva Informatiki - Systems and Means of Informatics 24(3): 18-31.
- Grusho, A., N. Grusho, E. Timonina, and S. Shorgin. 2015. Vozmozhnostipostroeniya bezopasnoy arkhitektury dlya dinamicheski izmenyayushcheysya informatsionnoy siste- my [Possibilities of secure architecture creation for dynamically changing information systems]. Sistemy i Sredstva Informatiki - Systems and Means of Informatics 25(3):78-93.
- Grusho, A., Ed. Primenko, and E. Timonina. 2009. Teoreticheskie osnovy komp'yuternoy bezopasnosti [Theoretical bases of computer security]. Moscow: Academy. 272 p.
- CS: Prelude SIEM. 2012. Available at: http://www.prelude-technologies.co (accessed September 19, 2016).
- Nappa, A., M.Z. Rafuque, and J. Caballero. 2013. Driving in the cloud: An analysis of drive-by download operations and abuse reporting. Detection of intrusions and malware, and vulnerability assessment. Eds. K. Rieck, P. Stewin, and J.-P. Seifert. Lecture notes in computer science ser. Springer. 7967:1-20. Available at: http://software.imdea.org/~juanca/papers/cloudjdimval3.pdf (accessed September 19, 2016).
- Majumdar, R., S. D. Tetali, and Z. Wang. 2014. Kuai: A model checker for software- defined networks. 2014 Formal Methods in Computer-Aided Design (FMCAD
2014) Proceedings. Lausanne, Switzerland: IEEE. 163-170. Available at: http:// www.cs.utexas.edu/users/hunt/FMCAD/FMCAD14/proceedings/27_majumdar.pdf (accessed September 19, 2016).
- Luo, Sh., J. Wu, J. Li, and L. Guo. 2015. Context-aware traffic forwarding service for application in SDN. 2015 IEEE Conference (International) on Sustainable Computing and Communications (SustainCom 2015) Proceedings. 2015. Chendu, China: IEEE. 557-561.
- Lampson, B. W. 1973. A note of the confinement problem. Commun. ACM 16(10):613- 615.
- Grusho, A., N. Grusho, and E. Timonina. 2014. Analiz metok v skrytykh kanalakh [The analysis of tags in the covert channels]. Informatika i ee Primeneniya - Inform. Appl. 8 (4): 12-16.
- Grusho, A., and D. Smirnov. 2016. Zashchita biznes-logiki ot atak nulevogo dnya [Protection of business logic against zero day attacks]. Sistemy i Sredstva Informatiki - Systems and Means of Informatics 26(3):60-73.
- Grusho, A., N. Grusho, M. Zabezhailo, and E. Timonina. 2016. Integratsiya statisti- cheskikh i deterministskikh metodov analiza informatsionnoy bezopasnosti [Integration of statistical and deterministic methods of information security analysis]. Informatika
i ee Primeneniya - Inform. Appl. 10(3): 19-25.
[+] About this article
Title
ARCHITECTURAL VULNERABILITIES OF DISTRIBUTED INFORMATION SYSTEMS
Journal
Systems and Means of Informatics
Volume 26, Issue 3, pp 74-82
Cover Date
2016-08-30
DOI
10.14357/08696527160305
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Additional Links
Key words
vulnerabilities of distributed information systems; architectural vulnerabilities; methods of architectural vulnerabilities analysis
Authors
A. A. Grusho  , N. A. Grusho ,
E. E. Timonina , and S. Ya. Shorgin
Author Affiliations
Institute of Informatics Problems, Federal Research Center "Computer Science
and Control", Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
|